Merge 54b203b3ed into 5e242ec578

Refactored obj.go to a more generic approach
Added object support for already implemented expressions
Added test for limit object
Small lint changes
Fixes https://github.com/google/nftables/issues/253

expr/bitwise.go

@@ -30,18 +30,7 @@ type Bitwise struct {
 	Xor            []byte
 }
 
-func (e *Bitwise) marshal(fam byte) ([]byte, error) {
+func (e *Bitwise) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("bitwise\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Bitwise) marshalData(fam byte) ([]byte, error) {
 	mask, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_DATA_VALUE, Data: e.Mask},
 	})
@@ -55,13 +44,23 @@ func (e *Bitwise) marshalData(fam byte) ([]byte, error) {
 		return nil, err
 	}
 
-	return netlink.MarshalAttributes([]netlink.Attribute{
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_BITWISE_SREG, Data: binaryutil.BigEndian.PutUint32(e.SourceRegister)},
 		{Type: unix.NFTA_BITWISE_DREG, Data: binaryutil.BigEndian.PutUint32(e.DestRegister)},
 		{Type: unix.NFTA_BITWISE_LEN, Data: binaryutil.BigEndian.PutUint32(e.Len)},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_BITWISE_MASK, Data: mask},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_BITWISE_XOR, Data: xor},
 	})
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("bitwise\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Bitwise) unmarshal(fam byte, data []byte) error {

expr/bitwise_test.go

@@ -32,7 +32,7 @@ func TestBitwise(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			nbw := Bitwise{}
-			data, err := tt.bw.marshal(0 /* don't care in this test */)
+			data, err := tt.bw.marshal(0 /* don't care in this test */, false)
 			if err != nil {
 				t.Fatalf("marshal error: %+v", err)
 

expr/byteorder.go

@@ -37,27 +37,26 @@ type Byteorder struct {
 	Size           uint32
 }
 
-func (e *Byteorder) marshal(fam byte) ([]byte, error) {
+func (e *Byteorder) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_BYTEORDER_SREG, Data: binaryutil.BigEndian.PutUint32(e.SourceRegister)},
+		{Type: unix.NFTA_BYTEORDER_DREG, Data: binaryutil.BigEndian.PutUint32(e.DestRegister)},
+		{Type: unix.NFTA_BYTEORDER_OP, Data: binaryutil.BigEndian.PutUint32(uint32(e.Op))},
+		{Type: unix.NFTA_BYTEORDER_LEN, Data: binaryutil.BigEndian.PutUint32(e.Len)},
+		{Type: unix.NFTA_BYTEORDER_SIZE, Data: binaryutil.BigEndian.PutUint32(e.Size)},
+	})
 	if err != nil {
 		return nil, err
 	}
+	if dataOnly {
+		return data, nil
+	}
 	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_EXPR_NAME, Data: []byte("byteorder\x00")},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
 	})
 }
 
-func (e *Byteorder) marshalData(fam byte) ([]byte, error) {
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_BYTEORDER_SREG, Data: binaryutil.BigEndian.PutUint32(e.SourceRegister)},
-		{Type: unix.NFTA_BYTEORDER_DREG, Data: binaryutil.BigEndian.PutUint32(e.DestRegister)},
-		{Type: unix.NFTA_BYTEORDER_OP, Data: binaryutil.BigEndian.PutUint32(uint32(e.Op))},
-		{Type: unix.NFTA_BYTEORDER_LEN, Data: binaryutil.BigEndian.PutUint32(e.Len)},
-		{Type: unix.NFTA_BYTEORDER_SIZE, Data: binaryutil.BigEndian.PutUint32(e.Size)},
-	})
-}
-
 func (e *Byteorder) unmarshal(fam byte, data []byte) error {
 	return fmt.Errorf("not yet implemented")
 }

expr/connlimit.go

@@ -36,11 +36,17 @@ type Connlimit struct {
 	Flags uint32
 }
 
-func (e *Connlimit) marshal(fam byte) ([]byte, error) {
+func (e *Connlimit) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: NFTA_CONNLIMIT_COUNT, Data: binaryutil.BigEndian.PutUint32(e.Count)},
+		{Type: NFTA_CONNLIMIT_FLAGS, Data: binaryutil.BigEndian.PutUint32(e.Flags)},
+	})
 	if err != nil {
 		return nil, err
 	}
+	if dataOnly {
+		return data, nil
+	}
 
 	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_EXPR_NAME, Data: []byte("connlimit\x00")},
@@ -48,13 +54,6 @@ func (e *Connlimit) marshal(fam byte) ([]byte, error) {
 	})
 }
 
-func (e *Connlimit) marshalData(fam byte) ([]byte, error) {
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: NFTA_CONNLIMIT_COUNT, Data: binaryutil.BigEndian.PutUint32(e.Count)},
-		{Type: NFTA_CONNLIMIT_FLAGS, Data: binaryutil.BigEndian.PutUint32(e.Flags)},
-	})
-}
-
 func (e *Connlimit) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 	if err != nil {

expr/counter.go

@@ -27,11 +27,17 @@ type Counter struct {
 	Packets uint64
 }
 
-func (e *Counter) marshal(fam byte) ([]byte, error) {
+func (e *Counter) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_COUNTER_BYTES, Data: binaryutil.BigEndian.PutUint64(e.Bytes)},
+		{Type: unix.NFTA_COUNTER_PACKETS, Data: binaryutil.BigEndian.PutUint64(e.Packets)},
+	})
 	if err != nil {
 		return nil, err
 	}
+	if dataOnly {
+		return data, nil
+	}
 
 	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_EXPR_NAME, Data: []byte("counter\x00")},
@@ -39,13 +45,6 @@ func (e *Counter) marshal(fam byte) ([]byte, error) {
 	})
 }
 
-func (e *Counter) marshalData(fam byte) ([]byte, error) {
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_COUNTER_BYTES, Data: binaryutil.BigEndian.PutUint64(e.Bytes)},
-		{Type: unix.NFTA_COUNTER_PACKETS, Data: binaryutil.BigEndian.PutUint64(e.Packets)},
-	})
-}
-
 func (e *Counter) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 	if err != nil {

expr/ct.go

@@ -63,19 +63,7 @@ type Ct struct {
 	Key            CtKey
 }
 
-func (e *Ct) marshal(fam byte) ([]byte, error) {
+func (e *Ct) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	exprData, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("ct\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
-	})
-}
-
-func (e *Ct) marshalData(fam byte) ([]byte, error) {
 	var regData []byte
 	exprData, err := netlink.MarshalAttributes(
 		[]netlink.Attribute{
@@ -102,7 +90,14 @@ func (e *Ct) marshalData(fam byte) ([]byte, error) {
 		return nil, err
 	}
 	exprData = append(exprData, regData...)
+	if dataOnly {
 		return exprData, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("ct\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
+	})
 }
 
 func (e *Ct) unmarshal(fam byte, data []byte) error {

expr/dup.go

@@ -28,19 +28,7 @@ type Dup struct {
 	IsRegDevSet bool
 }
 
-func (e *Dup) marshal(fam byte) ([]byte, error) {
+func (e *Dup) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("dup\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Dup) marshalData(fam byte) ([]byte, error) {
 	attrs := []netlink.Attribute{
 		{Type: unix.NFTA_DUP_SREG_ADDR, Data: binaryutil.BigEndian.PutUint32(e.RegAddr)},
 	}
@@ -49,7 +37,18 @@ func (e *Dup) marshalData(fam byte) ([]byte, error) {
 		attrs = append(attrs, netlink.Attribute{Type: unix.NFTA_DUP_SREG_DEV, Data: binaryutil.BigEndian.PutUint32(e.RegDev)})
 	}
 
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("dup\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Dup) unmarshal(fam byte, data []byte) error {

expr/dynset.go

@@ -43,19 +43,7 @@ type Dynset struct {
 	Exprs      []Any
 }
 
-func (e *Dynset) marshal(fam byte) ([]byte, error) {
+func (e *Dynset) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	opData, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("dynset\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: opData},
-	})
-}
-
-func (e *Dynset) marshalData(fam byte) ([]byte, error) {
 	// See: https://git.netfilter.org/libnftnl/tree/src/expr/dynset.c
 	var opAttrs []netlink.Attribute
 	opAttrs = append(opAttrs, netlink.Attribute{Type: unix.NFTA_DYNSET_SREG_KEY, Data: binaryutil.BigEndian.PutUint32(e.SrcRegKey)})
@@ -101,9 +89,20 @@ func (e *Dynset) marshalData(fam byte) ([]byte, error) {
 			opAttrs = append(opAttrs, netlink.Attribute{Type: NFTA_DYNSET_EXPRESSIONS, Data: elemData})
 		}
 	}
-
 	opAttrs = append(opAttrs, netlink.Attribute{Type: unix.NFTA_DYNSET_FLAGS, Data: binaryutil.BigEndian.PutUint32(flags)})
-	return netlink.MarshalAttributes(opAttrs)
+
+	opData, err := netlink.MarshalAttributes(opAttrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return opData, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("dynset\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: opData},
+	})
 }
 
 func (e *Dynset) unmarshal(fam byte, data []byte) error {

expr/expr.go

@@ -56,11 +56,11 @@ func init() {
 
 // Marshal serializes the specified expression into a byte slice.
 func Marshal(fam byte, e Any) ([]byte, error) {
-	return e.marshal(fam)
+	return e.marshal(fam, false)
 }
 
 func MarshalExprData(fam byte, e Any) ([]byte, error) {
-	return e.marshalData(fam)
+	return e.marshal(fam, true)
 }
 
 // Unmarshal fills an expression from the specified byte slice.
@@ -188,8 +188,7 @@ func exprFromName(name string) Any {
 
 // Any is an interface implemented by any expression type.
 type Any interface {
-	marshal(fam byte) ([]byte, error)
+	marshal(fam byte, dataOnly bool) ([]byte, error)
-	marshalData(fam byte) ([]byte, error)
 	unmarshal(fam byte, data []byte) error
 }
 
@@ -234,19 +233,7 @@ type Meta struct {
 	Register       uint32
 }
 
-func (e *Meta) marshal(fam byte) ([]byte, error) {
+func (e *Meta) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	exprData, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("meta\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
-	})
-}
-
-func (e *Meta) marshalData(fam byte) ([]byte, error) {
 	var regData []byte
 	exprData, err := netlink.MarshalAttributes(
 		[]netlink.Attribute{
@@ -273,7 +260,14 @@ func (e *Meta) marshalData(fam byte) ([]byte, error) {
 		return nil, err
 	}
 	exprData = append(exprData, regData...)
+	if dataOnly {
 		return exprData, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("meta\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
+	})
 }
 
 func (e *Meta) unmarshal(fam byte, data []byte) error {
@@ -319,18 +313,7 @@ const (
 	NF_NAT_RANGE_PREFIX = unix.NF_NAT_RANGE_NETMAP
 )
 
-func (e *Masq) marshal(fam byte) ([]byte, error) {
+func (e *Masq) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	msgData, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("masq\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: msgData},
-	})
-}
-
-func (e *Masq) marshalData(fam byte) ([]byte, error) {
 	msgData := []byte{}
 	if !e.ToPorts {
 		flags := uint32(0)
@@ -367,7 +350,13 @@ func (e *Masq) marshalData(fam byte) ([]byte, error) {
 			msgData = append(msgData, regsData...)
 		}
 	}
+	if dataOnly {
 		return msgData, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("masq\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: msgData},
+	})
 }
 
 func (e *Masq) unmarshal(fam byte, data []byte) error {
@@ -413,29 +402,28 @@ type Cmp struct {
 	Data     []byte
 }
 
-func (e *Cmp) marshal(fam byte) ([]byte, error) {
+func (e *Cmp) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	exprData, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("cmp\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
-	})
-}
-
-func (e *Cmp) marshalData(fam byte) ([]byte, error) {
 	cmpData, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_DATA_VALUE, Data: e.Data},
 	})
 	if err != nil {
 		return nil, err
 	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
+	exprData, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_CMP_SREG, Data: binaryutil.BigEndian.PutUint32(e.Register)},
 		{Type: unix.NFTA_CMP_OP, Data: binaryutil.BigEndian.PutUint32(uint32(e.Op))},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_CMP_DATA, Data: cmpData},
 	})
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return cmpData, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("cmp\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
+	})
 }
 
 func (e *Cmp) unmarshal(fam byte, data []byte) error {

expr/exthdr.go

@@ -39,18 +39,7 @@ type Exthdr struct {
 	SourceRegister uint32
 }
 
-func (e *Exthdr) marshal(fam byte) ([]byte, error) {
+func (e *Exthdr) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("exthdr\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Exthdr) marshalData(fam byte) ([]byte, error) {
 	var attr []netlink.Attribute
 
 	// Operations are differentiated by the Op and whether the SourceRegister
@@ -75,7 +64,17 @@ func (e *Exthdr) marshalData(fam byte) ([]byte, error) {
 			netlink.Attribute{Type: unix.NFTA_EXTHDR_FLAGS, Data: binaryutil.BigEndian.PutUint32(e.Flags)})
 	}
 
-	return netlink.MarshalAttributes(attr)
+	data, err := netlink.MarshalAttributes(attr)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("exthdr\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Exthdr) unmarshal(fam byte, data []byte) error {

expr/exthdr_test.go

@@ -44,7 +44,7 @@ func TestExthdr(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			neh := Exthdr{}
-			data, err := tt.eh.marshal(0 /* don't care in this test */)
+			data, err := tt.eh.marshal(0 /* don't care in this test */, false)
 			if err != nil {
 				t.Fatalf("marshal error: %+v", err)
 

expr/fib.go

@@ -36,18 +36,7 @@ type Fib struct {
 	FlagPRESENT    bool
 }
 
-func (e *Fib) marshal(fam byte) ([]byte, error) {
+func (e *Fib) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("fib\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Fib) marshalData(fam byte) ([]byte, error) {
 	data := []byte{}
 	reg, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_FIB_DREG, Data: binaryutil.BigEndian.PutUint32(e.Register)},
@@ -103,7 +92,13 @@ func (e *Fib) marshalData(fam byte) ([]byte, error) {
 		}
 		data = append(data, rslt...)
 	}
+	if dataOnly {
 		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("fib\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Fib) unmarshal(fam byte, data []byte) error {

expr/flow_offload.go

@@ -27,11 +27,16 @@ type FlowOffload struct {
 	Name string
 }
 
-func (e *FlowOffload) marshal(fam byte) ([]byte, error) {
+func (e *FlowOffload) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: NFTNL_EXPR_FLOW_TABLE_NAME, Data: []byte(e.Name)},
+	})
 	if err != nil {
 		return nil, err
 	}
+	if dataOnly {
+		return data, nil
+	}
 
 	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_EXPR_NAME, Data: []byte("flow_offload\x00")},
@@ -39,12 +44,6 @@ func (e *FlowOffload) marshal(fam byte) ([]byte, error) {
 	})
 }
 
-func (e *FlowOffload) marshalData(fam byte) ([]byte, error) {
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: NFTNL_EXPR_FLOW_TABLE_NAME, Data: []byte(e.Name)},
-	})
-}
-
 func (e *FlowOffload) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 	if err != nil {

expr/hash.go

@@ -40,18 +40,7 @@ type Hash struct {
 	Type           HashType
 }
 
-func (e *Hash) marshal(fam byte) ([]byte, error) {
+func (e *Hash) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("hash\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Hash) marshalData(fam byte) ([]byte, error) {
 	hashAttrs := []netlink.Attribute{
 		{Type: unix.NFTA_HASH_SREG, Data: binaryutil.BigEndian.PutUint32(uint32(e.SourceRegister))},
 		{Type: unix.NFTA_HASH_DREG, Data: binaryutil.BigEndian.PutUint32(uint32(e.DestRegister))},
@@ -67,7 +56,17 @@ func (e *Hash) marshalData(fam byte) ([]byte, error) {
 		{Type: unix.NFTA_HASH_OFFSET, Data: binaryutil.BigEndian.PutUint32(uint32(e.Offset))},
 		{Type: unix.NFTA_HASH_TYPE, Data: binaryutil.BigEndian.PutUint32(uint32(e.Type))},
 	}...)
-	return netlink.MarshalAttributes(hashAttrs)
+	data, err := netlink.MarshalAttributes(hashAttrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("hash\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Hash) unmarshal(fam byte, data []byte) error {

expr/immediate.go

@@ -28,18 +28,7 @@ type Immediate struct {
 	Data     []byte
 }
 
-func (e *Immediate) marshal(fam byte) ([]byte, error) {
+func (e *Immediate) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("immediate\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Immediate) marshalData(fam byte) ([]byte, error) {
 	immData, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_DATA_VALUE, Data: e.Data},
 	})
@@ -47,10 +36,20 @@ func (e *Immediate) marshalData(fam byte) ([]byte, error) {
 		return nil, err
 	}
 
-	return netlink.MarshalAttributes([]netlink.Attribute{
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_IMMEDIATE_DREG, Data: binaryutil.BigEndian.PutUint32(e.Register)},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_IMMEDIATE_DATA, Data: immData},
 	})
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("immediate\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Immediate) unmarshal(fam byte, data []byte) error {

expr/limit.go

@@ -71,19 +71,7 @@ type Limit struct {
 	Burst uint32
 }
 
-func (l *Limit) marshal(fam byte) ([]byte, error) {
+func (l *Limit) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := l.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("limit\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (l *Limit) marshalData(fam byte) ([]byte, error) {
 	var flags uint32
 	if l.Over {
 		flags = unix.NFT_LIMIT_F_INV
@@ -96,7 +84,18 @@ func (l *Limit) marshalData(fam byte) ([]byte, error) {
 		{Type: unix.NFTA_LIMIT_FLAGS, Data: binaryutil.BigEndian.PutUint32(flags)},
 	}
 
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("limit\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (l *Limit) unmarshal(fam byte, data []byte) error {

expr/log.go

@@ -68,19 +68,7 @@ type Log struct {
 	Data []byte
 }
 
-func (e *Log) marshal(fam byte) ([]byte, error) {
+func (e *Log) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("log\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Log) marshalData(fam byte) ([]byte, error) {
 	// Per https://git.netfilter.org/libnftnl/tree/src/expr/log.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n129
 	attrs := make([]netlink.Attribute, 0)
 	if e.Key&(1<<unix.NFTA_LOG_GROUP) != 0 {
@@ -121,7 +109,18 @@ func (e *Log) marshalData(fam byte) ([]byte, error) {
 		})
 	}
 
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("log\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Log) unmarshal(fam byte, data []byte) error {

expr/lookup.go

@@ -33,19 +33,7 @@ type Lookup struct {
 	Invert  bool
 }
 
-func (e *Lookup) marshal(fam byte) ([]byte, error) {
+func (e *Lookup) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	opData, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("lookup\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: opData},
-	})
-}
-
-func (e *Lookup) marshalData(fam byte) ([]byte, error) {
 	// See: https://git.netfilter.org/libnftnl/tree/src/expr/lookup.c?id=6dc1c3d8bb64077da7f3f28c7368fb087d10a492#n115
 	var opAttrs []netlink.Attribute
 	if e.SourceRegister != 0 {
@@ -61,7 +49,18 @@ func (e *Lookup) marshalData(fam byte) ([]byte, error) {
 		netlink.Attribute{Type: unix.NFTA_LOOKUP_SET, Data: []byte(e.SetName + "\x00")},
 		netlink.Attribute{Type: unix.NFTA_LOOKUP_SET_ID, Data: binaryutil.BigEndian.PutUint32(e.SetID)},
 	)
-	return netlink.MarshalAttributes(opAttrs)
+	opData, err := netlink.MarshalAttributes(opAttrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return opData, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("lookup\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: opData},
+	})
 }
 
 func (e *Lookup) unmarshal(fam byte, data []byte) error {

expr/match.go

@@ -17,18 +17,7 @@ type Match struct {
 	Info xt.InfoAny
 }
 
-func (e *Match) marshal(fam byte) ([]byte, error) {
+func (e *Match) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("match\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Match) marshalData(fam byte) ([]byte, error) {
 	// Per https://git.netfilter.org/libnftnl/tree/src/expr/match.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n38
 	name := e.Name
 	// limit the extension name as (some) user-space tools do and leave room for
@@ -47,7 +36,17 @@ func (e *Match) marshalData(fam byte) ([]byte, error) {
 		{Type: unix.NFTA_MATCH_REV, Data: binaryutil.BigEndian.PutUint32(e.Rev)},
 		{Type: unix.NFTA_MATCH_INFO, Data: info},
 	}
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("match\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Match) unmarshal(fam byte, data []byte) error {

expr/match_test.go

@@ -30,7 +30,7 @@ func TestMatch(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			ntgt := Match{}
-			data, err := tt.mtch.marshal(0 /* don't care in this test */)
+			data, err := tt.mtch.marshal(0 /* don't care in this test */, false)
 			if err != nil {
 				t.Fatalf("marshal error: %+v", err)
 

expr/meta_test.go

@@ -36,7 +36,7 @@ func TestMeta(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			nMeta := Meta{}
-			data, err := tt.meta.marshal(0 /* don't care in this test */)
+			data, err := tt.meta.marshal(0 /* don't care in this test */, false)
 			if err != nil {
 				t.Fatalf("marshal error: %+v", err)
 

expr/nat.go

@@ -56,18 +56,7 @@ type NAT struct {
 // |00008|--|00005|	|len |flags| type| NFTA_NAT_REG_PROTO_MIN
 // | 00 00 00 02  |	|      data      |  reg 2
 
-func (e *NAT) marshal(fam byte) ([]byte, error) {
+func (e *NAT) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("nat\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *NAT) marshalData(fam byte) ([]byte, error) {
 	attrs := []netlink.Attribute{
 		{Type: unix.NFTA_NAT_TYPE, Data: binaryutil.BigEndian.PutUint32(uint32(e.Type))},
 		{Type: unix.NFTA_NAT_FAMILY, Data: binaryutil.BigEndian.PutUint32(e.Family)},
@@ -101,7 +90,17 @@ func (e *NAT) marshalData(fam byte) ([]byte, error) {
 		attrs = append(attrs, netlink.Attribute{Type: unix.NFTA_NAT_FLAGS, Data: binaryutil.BigEndian.PutUint32(flags)})
 	}
 
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("nat\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *NAT) unmarshal(fam byte, data []byte) error {

expr/notrack.go

@@ -21,16 +21,12 @@ import (
 
 type Notrack struct{}
 
-func (e *Notrack) marshal(fam byte) ([]byte, error) {
+func (e *Notrack) marshal(fam byte, dataOnly bool) ([]byte, error) {
 	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_EXPR_NAME, Data: []byte("notrack\x00")},
 	})
 }
 
-func (e *Notrack) marshalData(fam byte) ([]byte, error) {
-	return []byte("notrack\x00"), nil
-}
-
 func (e *Notrack) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 

expr/numgen.go

@@ -31,19 +31,7 @@ type Numgen struct {
 	Offset   uint32
 }
 
-func (e *Numgen) marshal(fam byte) ([]byte, error) {
+func (e *Numgen) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("numgen\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Numgen) marshalData(fam byte) ([]byte, error) {
 	// Currently only two types are supported, failing if Type is not of two known types
 	switch e.Type {
 	case unix.NFT_NG_INCREMENTAL:
@@ -52,12 +40,23 @@ func (e *Numgen) marshalData(fam byte) ([]byte, error) {
 		return nil, fmt.Errorf("unsupported numgen type %d", e.Type)
 	}
 
-	return netlink.MarshalAttributes([]netlink.Attribute{
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_NG_DREG, Data: binaryutil.BigEndian.PutUint32(e.Register)},
 		{Type: unix.NFTA_NG_MODULUS, Data: binaryutil.BigEndian.PutUint32(e.Modulus)},
 		{Type: unix.NFTA_NG_TYPE, Data: binaryutil.BigEndian.PutUint32(e.Type)},
 		{Type: unix.NFTA_NG_OFFSET, Data: binaryutil.BigEndian.PutUint32(e.Offset)},
 	})
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("numgen\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Numgen) unmarshal(fam byte, data []byte) error {

expr/objref.go

@@ -27,11 +27,17 @@ type Objref struct {
 	Name string
 }
 
-func (e *Objref) marshal(fam byte) ([]byte, error) {
+func (e *Objref) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_OBJREF_IMM_TYPE, Data: binaryutil.BigEndian.PutUint32(uint32(e.Type))},
+		{Type: unix.NFTA_OBJREF_IMM_NAME, Data: []byte(e.Name)}, // NOT \x00-terminated?!
+	})
 	if err != nil {
 		return nil, err
 	}
+	if dataOnly {
+		return data, nil
+	}
 
 	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_EXPR_NAME, Data: []byte("objref\x00")},
@@ -39,13 +45,6 @@ func (e *Objref) marshal(fam byte) ([]byte, error) {
 	})
 }
 
-func (e *Objref) marshalData(fam byte) ([]byte, error) {
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_OBJREF_IMM_TYPE, Data: binaryutil.BigEndian.PutUint32(uint32(e.Type))},
-		{Type: unix.NFTA_OBJREF_IMM_NAME, Data: []byte(e.Name)}, // NOT \x00-terminated?!
-	})
-}
-
 func (e *Objref) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 	if err != nil {

expr/payload.go

@@ -57,19 +57,8 @@ type Payload struct {
 	CsumFlags      uint32
 }
 
-func (e *Payload) marshal(fam byte) ([]byte, error) {
+func (e *Payload) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
 
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("payload\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Payload) marshalData(fam byte) ([]byte, error) {
 	var attrs []netlink.Attribute
 
 	if e.OperationType == PayloadWrite {
@@ -100,7 +89,18 @@ func (e *Payload) marshalData(fam byte) ([]byte, error) {
 		}
 	}
 
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("payload\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Payload) unmarshal(fam byte, data []byte) error {

expr/queue.go

@@ -43,28 +43,27 @@ type Queue struct {
 	Flag  QueueFlag
 }
 
-func (e *Queue) marshal(fam byte) ([]byte, error) {
+func (e *Queue) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
+	if e.Total == 0 {
+		e.Total = 1 // The total default value is 1
+	}
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_QUEUE_NUM, Data: binaryutil.BigEndian.PutUint16(e.Num)},
+		{Type: unix.NFTA_QUEUE_TOTAL, Data: binaryutil.BigEndian.PutUint16(e.Total)},
+		{Type: unix.NFTA_QUEUE_FLAGS, Data: binaryutil.BigEndian.PutUint16(uint16(e.Flag))},
+	})
 	if err != nil {
 		return nil, err
 	}
+	if dataOnly {
+		return data, nil
+	}
 	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_EXPR_NAME, Data: []byte("queue\x00")},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
 	})
 }
 
-func (e *Queue) marshalData(fam byte) ([]byte, error) {
-	if e.Total == 0 {
-		e.Total = 1 // The total default value is 1
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_QUEUE_NUM, Data: binaryutil.BigEndian.PutUint16(e.Num)},
-		{Type: unix.NFTA_QUEUE_TOTAL, Data: binaryutil.BigEndian.PutUint16(e.Total)},
-		{Type: unix.NFTA_QUEUE_FLAGS, Data: binaryutil.BigEndian.PutUint16(uint16(e.Flag))},
-	})
-}
-
 func (e *Queue) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 	if err != nil {

expr/quota.go

@@ -29,19 +29,7 @@ type Quota struct {
 	Over     bool
 }
 
-func (q *Quota) marshal(fam byte) ([]byte, error) {
+func (q *Quota) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := q.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("quota\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (q *Quota) marshalData(fam byte) ([]byte, error) {
 	attrs := []netlink.Attribute{
 		{Type: unix.NFTA_QUOTA_BYTES, Data: binaryutil.BigEndian.PutUint64(q.Bytes)},
 		{Type: unix.NFTA_QUOTA_CONSUMED, Data: binaryutil.BigEndian.PutUint64(q.Consumed)},
@@ -56,7 +44,18 @@ func (q *Quota) marshalData(fam byte) ([]byte, error) {
 		Data: binaryutil.BigEndian.PutUint32(flags),
 	})
 
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("quota\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (q *Quota) unmarshal(fam byte, data []byte) error {

expr/range.go

@@ -30,19 +30,7 @@ type Range struct {
 	ToData   []byte
 }
 
-func (e *Range) marshal(fam byte) ([]byte, error) {
+func (e *Range) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("range\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Range) marshalData(fam byte) ([]byte, error) {
 	var attrs []netlink.Attribute
 	var err error
 	var rangeFromData, rangeToData []byte
@@ -69,7 +57,13 @@ func (e *Range) marshalData(fam byte) ([]byte, error) {
 	}
 	data = append(data, rangeFromData...)
 	data = append(data, rangeToData...)
+	if dataOnly {
 		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("range\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Range) unmarshal(fam byte, data []byte) error {

expr/redirect.go

@@ -28,19 +28,7 @@ type Redir struct {
 	Flags            uint32
 }
 
-func (e *Redir) marshal(fam byte) ([]byte, error) {
+func (e *Redir) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("redir\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Redir) marshalData(fam byte) ([]byte, error) {
 	var attrs []netlink.Attribute
 	if e.RegisterProtoMin > 0 {
 		attrs = append(attrs, netlink.Attribute{Type: unix.NFTA_REDIR_REG_PROTO_MIN, Data: binaryutil.BigEndian.PutUint32(e.RegisterProtoMin)})
@@ -52,7 +40,18 @@ func (e *Redir) marshalData(fam byte) ([]byte, error) {
 		attrs = append(attrs, netlink.Attribute{Type: unix.NFTA_REDIR_FLAGS, Data: binaryutil.BigEndian.PutUint32(e.Flags)})
 	}
 
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("redir\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Redir) unmarshal(fam byte, data []byte) error {

expr/reject.go

@@ -27,24 +27,23 @@ type Reject struct {
 	Code uint8
 }
 
-func (e *Reject) marshal(fam byte) ([]byte, error) {
+func (e *Reject) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_REJECT_TYPE, Data: binaryutil.BigEndian.PutUint32(e.Type)},
+		{Type: unix.NFTA_REJECT_ICMP_CODE, Data: []byte{e.Code}},
+	})
 	if err != nil {
 		return nil, err
 	}
+	if dataOnly {
+		return data, nil
+	}
 	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_EXPR_NAME, Data: []byte("reject\x00")},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
 	})
 }
 
-func (e *Reject) marshalData(fam byte) ([]byte, error) {
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_REJECT_TYPE, Data: binaryutil.BigEndian.PutUint32(e.Type)},
-		{Type: unix.NFTA_REJECT_ICMP_CODE, Data: []byte{e.Code}},
-	})
-}
-
 func (e *Reject) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 	if err != nil {

expr/rt.go

@@ -36,24 +36,23 @@ type Rt struct {
 	Key      RtKey
 }
 
-func (e *Rt) marshal(fam byte) ([]byte, error) {
+func (e *Rt) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_RT_KEY, Data: binaryutil.BigEndian.PutUint32(uint32(e.Key))},
+		{Type: unix.NFTA_RT_DREG, Data: binaryutil.BigEndian.PutUint32(e.Register)},
+	})
 	if err != nil {
 		return nil, err
 	}
+	if dataOnly {
+		return data, nil
+	}
 	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_EXPR_NAME, Data: []byte("rt\x00")},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
 	})
 }
 
-func (e *Rt) marshalData(fam byte) ([]byte, error) {
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_RT_KEY, Data: binaryutil.BigEndian.PutUint32(uint32(e.Key))},
-		{Type: unix.NFTA_RT_DREG, Data: binaryutil.BigEndian.PutUint32(e.Register)},
-	})
-}
-
 func (e *Rt) unmarshal(fam byte, data []byte) error {
 	return fmt.Errorf("not yet implemented")
 }

expr/socket.go

@@ -48,27 +48,27 @@ const (
 	SocketKeyCgroupv2    SocketKey = NFT_SOCKET_CGROUPV2
 )
 
-func (e *Socket) marshal(fam byte) ([]byte, error) {
+func (e *Socket) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	exprData, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("socket\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
-	})
-}
-
-func (e *Socket) marshalData(fam byte) ([]byte, error) {
 	// NOTE: Socket.Level is only used when Socket.Key == SocketKeyCgroupv2. But `nft` always encoding it. Check link below:
 	// http://git.netfilter.org/nftables/tree/src/netlink_linearize.c?id=0583bac241ea18c9d7f61cb20ca04faa1e043b78#n319
-	return netlink.MarshalAttributes(
+	exprData, err := netlink.MarshalAttributes(
 		[]netlink.Attribute{
 			{Type: NFTA_SOCKET_DREG, Data: binaryutil.BigEndian.PutUint32(e.Register)},
 			{Type: NFTA_SOCKET_KEY, Data: binaryutil.BigEndian.PutUint32(uint32(e.Key))},
 			{Type: NFTA_SOCKET_LEVEL, Data: binaryutil.BigEndian.PutUint32(uint32(e.Level))},
 		},
 	)
+	if err != nil {
+		return nil, err
+	}
+
+	if dataOnly {
+		return exprData, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("socket\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
+	})
 }
 
 func (e *Socket) unmarshal(fam byte, data []byte) error {

expr/socket_test.go

@@ -74,7 +74,7 @@ func TestSocket(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			nSocket := Socket{}
-			data, err := tt.socket.marshal(0 /* don't care in this test */)
+			data, err := tt.socket.marshal(0 /* don't care in this test */, false)
 			if err != nil {
 				t.Fatalf("marshal error: %+v", err)
 

expr/target.go

@@ -20,18 +20,7 @@ type Target struct {
 	Info xt.InfoAny
 }
 
-func (e *Target) marshal(fam byte) ([]byte, error) {
+func (e *Target) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("target\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *Target) marshalData(fam byte) ([]byte, error) {
 	// Per https://git.netfilter.org/libnftnl/tree/src/expr/target.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n38
 	name := e.Name
 	// limit the extension name as (some) user-space tools do and leave room for
@@ -51,7 +40,17 @@ func (e *Target) marshalData(fam byte) ([]byte, error) {
 		{Type: unix.NFTA_TARGET_INFO, Data: info},
 	}
 
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("target\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Target) unmarshal(fam byte, data []byte) error {

expr/target_test.go

@@ -30,7 +30,7 @@ func TestTarget(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			ntgt := Target{}
-			data, err := tt.tgt.marshal(0 /* don't care in this test */)
+			data, err := tt.tgt.marshal(0 /* don't care in this test */, false)
 			if err != nil {
 				t.Fatalf("marshal error: %+v", err)
 

expr/tproxy.go

@@ -39,18 +39,7 @@ type TProxy struct {
 	RegPort     uint32
 }
 
-func (e *TProxy) marshal(fam byte) ([]byte, error) {
+func (e *TProxy) marshal(fam byte, dataOnly bool) ([]byte, error) {
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("tproxy\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
-
-func (e *TProxy) marshalData(fam byte) ([]byte, error) {
 	attrs := []netlink.Attribute{
 		{Type: NFTA_TPROXY_FAMILY, Data: binaryutil.BigEndian.PutUint32(uint32(e.Family))},
 		{Type: NFTA_TPROXY_REG_PORT, Data: binaryutil.BigEndian.PutUint32(e.RegPort)},
@@ -63,7 +52,17 @@ func (e *TProxy) marshalData(fam byte) ([]byte, error) {
 		})
 	}
 
-	return netlink.MarshalAttributes(attrs)
+	data, err := netlink.MarshalAttributes(attrs)
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("tproxy\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *TProxy) unmarshal(fam byte, data []byte) error {

expr/verdict.go

@@ -53,7 +53,7 @@ const (
 	VerdictStop
 )
 
-func (e *Verdict) marshal(fam byte) ([]byte, error) {
+func (e *Verdict) marshal(fam byte, dataOnly bool) ([]byte, error) {
 	// A verdict is a tree of netlink attributes structured as follows:
 	// NFTA_LIST_ELEM | NLA_F_NESTED {
 	//   NFTA_EXPR_NAME { "immediate\x00" }
@@ -64,17 +64,7 @@ func (e *Verdict) marshal(fam byte) ([]byte, error) {
 	//     }
 	//   }
 	// }
-	data, err := e.marshalData(fam)
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("immediate\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
-}
 
-func (e *Verdict) marshalData(fam byte) ([]byte, error) {
 	attrs := []netlink.Attribute{
 		{Type: unix.NFTA_VERDICT_CODE, Data: binaryutil.BigEndian.PutUint32(uint32(e.Kind))},
 	}
@@ -93,10 +83,20 @@ func (e *Verdict) marshalData(fam byte) ([]byte, error) {
 		return nil, err
 	}
 
-	return netlink.MarshalAttributes([]netlink.Attribute{
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_IMMEDIATE_DREG, Data: binaryutil.BigEndian.PutUint32(unix.NFT_REG_VERDICT)},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_IMMEDIATE_DATA, Data: immData},
 	})
+	if err != nil {
+		return nil, err
+	}
+	if dataOnly {
+		return data, nil
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("immediate\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
 }
 
 func (e *Verdict) unmarshal(fam byte, data []byte) error {

flowtable.go

@@ -219,7 +219,7 @@ func (cc *Conn) getFlowtables(t *Table) ([]netlink.Message, error) {
 
 	reply, err := receiveAckAware(conn, message.Header.Flags)
 	if err != nil {
-		return nil, fmt.Errorf("Receive: %v", err)
+		return nil, fmt.Errorf("receiveAckAware: %v", err)
 	}
 
 	return reply, nil

go.mod

@@ -12,6 +12,6 @@ require (
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/josharian/native v1.1.0 // indirect
 	github.com/mdlayher/socket v0.5.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/net v0.22.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
 )

go.sum

@@ -8,8 +8,8 @@ github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI
 github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
 github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc h1:R83G5ikgLMxrBvLh22JhdfI8K6YXEPHx5P03Uu3DRs4=
 github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=

obj.go

@@ -288,7 +288,7 @@ func (cc *Conn) getObj(o Obj, t *Table, msgType uint16) ([]Obj, error) {
 
 	reply, err := receiveAckAware(conn, message.Header.Flags)
 	if err != nil {
-		return nil, fmt.Errorf("Receive: %v", err)
+		return nil, fmt.Errorf("receiveAckAware: %v", err)
 	}
 	var objs []Obj
 	for _, msg := range reply {

rule.go

@@ -92,7 +92,7 @@ func (cc *Conn) GetRules(t *Table, c *Chain) ([]*Rule, error) {
 
 	reply, err := receiveAckAware(conn, message.Header.Flags)
 	if err != nil {
-		return nil, fmt.Errorf("Receive: %v", err)
+		return nil, fmt.Errorf("receiveAckAware: %v", err)
 	}
 	var rules []*Rule
 	for _, msg := range reply {

set.go

@@ -832,7 +832,7 @@ func (cc *Conn) GetSets(t *Table) ([]*Set, error) {
 
 	reply, err := receiveAckAware(conn, message.Header.Flags)
 	if err != nil {
-		return nil, fmt.Errorf("Receive: %v", err)
+		return nil, fmt.Errorf("receiveAckAware: %v", err)
 	}
 	var sets []*Set
 	for _, msg := range reply {
@@ -877,11 +877,11 @@ func (cc *Conn) GetSetByName(t *Table, name string) (*Set, error) {
 
 	reply, err := receiveAckAware(conn, message.Header.Flags)
 	if err != nil {
-		return nil, fmt.Errorf("Receive: %w", err)
+		return nil, fmt.Errorf("receiveAckAware: %w", err)
 	}
 
 	if len(reply) != 1 {
-		return nil, fmt.Errorf("Receive: expected to receive 1 message but got %d", len(reply))
+		return nil, fmt.Errorf("receiveAckAware: expected to receive 1 message but got %d", len(reply))
 	}
 	rs, err := setsFromMsg(reply[0])
 	if err != nil {
@@ -922,7 +922,7 @@ func (cc *Conn) GetSetElements(s *Set) ([]SetElement, error) {
 
 	reply, err := receiveAckAware(conn, message.Header.Flags)
 	if err != nil {
-		return nil, fmt.Errorf("Receive: %v", err)
+		return nil, fmt.Errorf("receiveAckAware: %v", err)
 	}
 	var elems []SetElement
 	for _, msg := range reply {